This module is for instantiating cryptographically strong
determinitic random bit generators (DRBGs, aka PRNGs) For the simple
use case of using the system random number generator
(System.Crypto.Random) to seed the DRBG:

Instantiate a new random bit generator. The provided
bytestring should be of length >= genSeedLength. If the
bytestring is shorter then the call may fail (suggested
error: NotEnoughEntropy). If the bytestring is of
sufficent length the call should always succeed.

genBytes len g generates a random ByteString of length
len and new generator. The MonadCryptoRandom package
has routines useful for converting the ByteString to
commonly needed values (but cereal or other
deserialization libraries would also work).

This routine can fail if the generator has gone too long
without a reseed (usually this is in the ball-park of 2^48
requests). Suggested error in this cases is NeedReseed

genBytesWithEntropy g i entropy generates i random
bytes and use the additional input entropy in the
generation of the requested data to increase the confidence
our generated data is a secure random stream.

Some generators use entropy to perturb the state of the
generator, meaning:

If the generator has produced too many random bytes on its
existing seed it will throw NeedReseed. In that case,
reseed the generator using this function and a new
high-entropy seed of length >= genSeedLength. Using
bytestrings that are too short can result in an error
(NotEnoughEntropy).

Helper functions and expanded interface

While the safety and wisdom of a splitting function depends on the
properties of the generator being split, several arguments from
informed people indicate such a function is safe for NIST SP 800-90
generators. (see libraries@haskell.org discussion around Sept, Oct
2010)